CN101764690A - Internet-based secret information communicating method - Google Patents

Internet-based secret information communicating method Download PDF

Info

Publication number
CN101764690A
CN101764690A CN200810220243A CN200810220243A CN101764690A CN 101764690 A CN101764690 A CN 101764690A CN 200810220243 A CN200810220243 A CN 200810220243A CN 200810220243 A CN200810220243 A CN 200810220243A CN 101764690 A CN101764690 A CN 101764690A
Authority
CN
China
Prior art keywords
key
secret information
public
data
cert
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200810220243A
Other languages
Chinese (zh)
Inventor
陆哲明
刘继新
陆震扬
陈冰冰
季统凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Electronic Industry Institute Co Ltd
Original Assignee
Guangdong Electronic Industry Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Electronic Industry Institute Co Ltd filed Critical Guangdong Electronic Industry Institute Co Ltd
Priority to CN200810220243A priority Critical patent/CN101764690A/en
Publication of CN101764690A publication Critical patent/CN101764690A/en
Pending legal-status Critical Current

Links

Images

Abstract

The invention relates to the field of Internet communication, and in particular relates to an Internet-based secret information communicating method. The method comprises the following steps: authenticating identities of users of two parties after the two communicating parties input the IP address of the opposite party and establish connection, entering speech communication to start a secret information communicating process after the authentication is qualified; firstly, changing keys, and embedding the secret information into voice audio data of a carrier; then, transmitting the data to the opposite party in an IP data packet mode after the voice audio data embedded with the conceal information is encrypted and packaged; decrypting the data packet after the opposite party receives the voice audio data packet, and executing information extraction algorithm to extract the secret information data; and transmitting the received voice audio data to an audio card to play, or writing the voice audio data to a voice audio file, or directly deleting the voice audio data. The method has the function of transmitting the secret information while realizing network voice telephone, effectively solves the problem of secret information communication via the Internet, has the advantages of easy realization, low cost, good compatibility and high reliability, has strong practical value, and can be applied to Internet transmission of the secret information.

Description

Secret information communicating method based on the Internet
Technical field
The present invention relates to field of Internet communication, refer in particular to a kind of secret information communicating method based on the Internet.
Background technology
Basic change has taken place in the mode that makes us obtain information and communicate with one another that develops rapidly of Internet technology.Obtaining increasing people's use as voice-over-net phone with its low rate, convenience, clear characteristics based on Internet technology; But, the free communication by the Internet between the people, as Email, exchange files, voice-over-net conversation etc. is to carry out in the cyberspace of an opening.In this open space, except the both sides of communication; Other can various means obtaining communication contents as third parties such as the person of meaning no harm, malicious attacker and Virtual network operators; That is to say, when Internet technology has been brought convenience and efficient to us, also our individual privacy information or important confidential information are made known publicly.Traditional internet communication is maintained secrecy to be had:
1, Virtual network operator is to the encryption of communication protocol data.But because the opening of network communication protocol, the fail safe of this mode is also bad;
2, treat the encryption of transmitting content data.The advantage of this secret mode is simple and convenient, and is workable, in case but data encrypted is obtained and cracked to malicious attacker, and will there be fail safe to say fully;
3,, in the practical engineering application single key and conbined public or double key cryptographic system are combined use with regard to cryptographic system.Can realize via the encryption key distribution of overt channel so safely and set up the purpose of secure communication channel fast and effectively.It is despiteful that but this secure communication channel is received easily, attack targetedly and disturb, promptly under the situation of non-decrypting ciphertext by implementing the failure that strong jamming causes secure communication.
Though take all secrecy provisions, such as encryption to communication protocol and Content of Communication data; But, always can go deciphering as long as the assailant of malice obtains a large amount of ciphered data samples by every possible means; Therefore, just ciphered data is easy to be subjected to attacking targetedly, thereby also becomes more dangerous.
The Internet is through the development of decades, and popularity is more and more higher.In recent years, along with the development of Internet technology, insert and use cost reduction gradually, and the speed of network is more and more higher with the service content and the quality that provide.That can exaggerate not says, huge numbers of families have been come in the Internet, becomes indispensable amusement of a kind of people and means of communication.Conventional its confidentiality of phone is poor, various attacks such as monitoring easily are subjected to making contact, and now widely popular code phone price is higher, cryptographic algorithm can not be changed, and third party's uppick is noise, is easy to judge to carry out secure communication, thereby can carries out malice, have at interference, make secure communication to carry out.And PC has obtained significant progress at present to the IP network voice call of PC.Though the Internet transmits The data self adaptation route between computer and computer, packet data package, store-and-forward mechanism, the Internet is a connectionless computer network system simultaneously, the path of transmission is uncertain, storage and the time of transmitting are uncertain, in addition, the also same network condition of communication quality is (as congested, link failure etc.) direct relation is arranged, but ITU-T (Bureau of Standards of international telecommunication union telecommunication) and IETF internationalization such as (Internet engineering duty groups) is organized and has been specified the consensus standard that is suitable for carrying out on the internet voice communication and voice compression coding standard (as protocol suite H.323, G.711, G.723.1, G.729 etc.), just can realize having the certain QoS (abbreviation of Quality of Service as long as follow these standards; Be a kind of security mechanism of network, with solving a kind of technology of problems such as network delay and obstruction) internet speech communication system.In addition, carry out the support that secret communication needs relevant hardware and software, now computer powerful, hardware configuration is high, software is abundant, can satisfy the requirement of secret communication to arithmetic speed and agreement fully.
Summary of the invention
The technical problem that the present invention solves be to provide a kind of fail safe good, with low cost, be easy to realize, compatible good secret information communicating method based on the Internet.
The technical problem that the present invention solves is achieved by the following technical solution: in communicating pair input the other side's IP address and after connecting, user both sides are carried out authentication, authentication by after enter voice communication and begin the secret information communicating process; At first carry out cipher key change, secret information is embedded in the carrier voice audio data then; Afterwards, voice audio data encryption, the packing back that has embedded secret information sent to the other side with the form of IP packet; The other side is decrypted it after receiving this voice audio data bag, carries out information extraction algorithm again, and the secret information data extract is come out; Simultaneously the voice audio data that receives being sent to sound card plays back or writes in the speech audio file or directly deletion.
The method that adopts asymmetric key algorithm and symmetric key algorithm to combine realizes authentication.
The method that described secret information embeds the carrier voice audio data is at first to read the carrier voice audio signals from microphone or from the audio file of prerecording; Simultaneously secret information is carried out direct-sequence spread-spectrum modulation and handle formation secret information data bit flow; Carry out the secret information hidden algorithm again, finish its frequency domain is sheltered shaping thereby according to the carrier voice audio data of input the secret information data bit flow is calculated masking threshold according to the masking effect of human auditory's model; The secret information data bit flow that to shelter at last after the shaping is added on the carrier voice audio data.
Described authentication is to carry out as follows:
Step 1, user A opens the secret information communicating program that operates on the TA, input username and password password, if the username and password password correctly TA send to TB and comprise MAC AAnd Cert A=Enc Cert_Public(Key Cert_Private, ID A)+Enc Cert_Public(Key Cert_Private, Key A_Public) the verification msg bag, initiate communication and also await a response;
Step 2, TB verifies Cert ALegitimacy, ID A'=Dec Cert_Public(Key Cert_Public, Enc Cert_Public(Key Cert_Private, ID A)), if ID A'=ID A, Cert then ABe legal; Then for the correctness of the PKI that guarantees user A, again by Cert AIn calculate Key A_Public: Key A_Public'=Dec Cert_Public(Key Cert_Public, Enc Cert_Public(Key Cert_Private, Key A_Public)), if Key A_Public'=Key A_Public, then TB requires user B input password password;
Step 3, if the password password of user B input is correct, then TB generates a checking random number R and A, and the PKI Key of use A A_PublicTo its encryption, Rand B'=Enc Public(Key A_Public, Rand B), then with Rand B', MAC BAnd Cert BSend to TA by the verification msg bag together, make response;
Step 4, TA verifies Cert BLegitimacy: ID B'=Dec Cert_Public(Key Cert_Public, Enc Cert_Pubilic(Key Cert_Private, ID B), if ID B'=ID BCert then BBe legal, then for the correctness of the PKI that guarantees user B, again by Cert BIn calculate Key B_Public: Key B_Public'=Dec Cert_Public(Key Cert_Public, Enc Cert_Public(Key Cert_Private, Key B_Public)), if Key A_Public'=Key A_Public, then explanation is extracted successfully, extracts the checking random number R and of TB again B", Rand B"=Dec Public(Key A_Private, Rand B'), a checking of regeneration random number R and ABe used to verify the legitimacy of TB, and use the PKI Key of user B B_PublicTo Rand AAnd Rand B" encrypt Rand A'=Enc Public(Key B_Pbulic, Rand A), Rand BThe Enc of " '= Public(Key B_Pbulic, Rand B") is at last with Rand B" ' and Rand A' send to TB by the verification msg bag together;
Step 5, TB extracts checking random number R and B 4=Dec Public(Key B_Private, Rand B" '), has only Key A_Public, Key A_Private, Key B_PublicAnd Key B_PrivateWhen all legal, Rand B 4=Rand B, TB finishes the legitimate verification to TA; TB extracts the checking random number R and of TA A" also the public key encryption with A gets Rand AThe Enc of " '= Public(Key A_Public, Dec Public(Key B_Private, Rand A')), with Rand A" ' send TA to by the verification msg bag, TB enters the key management state;
Step 6, TA extracts checking random number R and A 4=Dec Public(Key A_Private, Rand A" '), has only the Key of working as B_Public, Key B_Private, Key A_PublicAnd Key A_PrivateWhen all legal, Rand A 4=Rand A, TA finishes the legitimate verification to TB.TA enters the key management state.
Described cipher key exchange step is:
Key sends, and communication initiator TA (or TB) produces the key K ey of the symmetric cryptographic algorithm that is used for the encrypted transmission data DataAnd use the PKI of TB (or TA) that it is encrypted:
Key Data'=Enc Public(Key B_Public, Key Data) (or Key Data'=Enc Public(Key A_Public, Key Data)) with Key Data' send TB (or TA) to by the verification msg bag;
Key receives, the Key of TB (or TA) to receiving Data' deciphering, Key Data=Dec Public(Key B_Private, Key Data') and send " SUCC " information to TA (or TB) by command packet, and enter the secret information communicating state; TA (or TB) also enters the secret information communicating state after receiving " SUCC " information.
After authentication and the cipher key change, system enters the secret information communicating stage; In this process, TA is with secret information data g[n] through pseudo random sequence be d[n] direct-sequence spread-spectrum modulation after obtain secret information data bit flow s m[n] does short time discrete Fourier transform to it again and obtains frequency domain representation s m[j ω], afterwards by from microphone or directly read carrier voice audio signals m[n from file], use the auditory masking model according to m[n] spectral characteristic to s m[j ω] does and obtains s after frequency domain is sheltered shaping w[j ω] does inverse Fourier transform to it and obtains s w[n] then adds m[n with it] obtain embedding the carrier voice audio signals m[n behind the secret information]+s w[n] uses symmetric key Key to it afterwards DataEncrypt and be packaged into the IP datagram that comprises the general data bag after send to TB by the Internet, TB is through unpacking and use Key to the IP datagram that receives DataObtain embedding the carrier voice audio signals m[n of secret information after the deciphering]+s w[n], through secret information Detection and Extraction module, the method for using matched filter and carrying out the threshold value judgement is rebuild and is obtained secret information data g ' [n], so far finishes the secret information communicating process one time; TB also can make to use the same method and finish secret information communicating to TA transmission secret information data.
The secret information communicating concrete steps are as follows:
Step 1, party A-subscriber and B move the secret information communicating program on computer TA and TB, and user name and the user cipher imported separately respectively according to prompting enter the secret information communicating program;
Step 2, party A-subscriber and party B-subscriber import IP address each other separately, connect by ICP/IP protocol;
Step 3, MAC information and the back IP packet that comprises the verification msg bag that uses of digital certificate encryption that one side (supposing TA) of initiation secret information communicating will be contained this machine network interface card send to TB, after TB receives this verification msg bag, extract the PKI of user A after digital certificate wherein verified; To use the IP packet that comprises the verification msg bag to send to TA with MAC Address and the digital certificate of the interim checking random number behind the rsa encryption, TB then;
Step 4, TA to the checking of the digital certificate of user B after, the interim checking random number that deciphering TB sends also generates own interim checking random number, with they with rsa encryption after the use IP datagram that comprises the verification msg bag send to TB; TB verifies these two interim checking random numbers, and encrypts the interim checking random number of TA and send to TA, and shows the authentication successful information;
Step 5, TA checking TB beams back next interim checking random number, and shows the authentication successful information; The symmetric key that the regeneration secret information communicating is used is encrypted the back with RSA Algorithm to it and is used the IP packet that comprises the verification msg bag to send to TB, and TB receives this symmetric key and deciphering, beams back " SUCC " information to TA, promptly finishes key exchange process; TA utility command packet sends " STAR " order to TB, and TB postbacks " STAR " order, and both sides promptly enter the secret information communicating state;
Step 6, TA from microphone or from the file reading of data prerecorded as the carrier voice audio data, read the secret information data from file simultaneously, earlier it is done and form the secret information data bit flow after according to the carrier voice audio data it being done frequency-domain shaping again after the direct-sequence spread-spectrum modulation, again it is added to the carrier voice audio data that just obtains having embedded secret information in the carrier voice audio data, uses the IDEA algorithm for encryption to send to TB by the IP packet that comprises the general data bag then it; After TB receives secondary data, at first, obtain the secret information data through the Detection and Extraction module again, finish the secret information communicating process one time with the deciphering of IDEA algorithm;
Step 7, after one time the secret information communicating process is finished, both sides still are in connection status, if a side thinks to carry out secret information communicating again, can send " STAR " command packet to the other side, the opposing party also postbacks " STAR " command packet, will use symmetric key at that time to carry out secret information communicating once more;
Step 8, if the communicating pair desire finishes this secret information communicating process, then a direction the opposing party sends " TERM " command packet, the opposing party also postbacks " TERM " command packet, then both sides carry out the cipher key destruction process, enter the key management state, wait for next step operation of user;
Step 9 if the user closes the secret information communicating program, then quits a program, or returns step 5 and proceed secret information communicating.
IP packet head defines the attribute of bag with 4 bytes that are right after destination address, all is ' 0 ' to represent that this is an IP packet that comprises the general data bag; All be ' 1 ' to represent that this is an IP packet that comprises command packet; 4 bytes for ' then to identify this be an IP packet that comprises the verification msg bag to VERI '.
The present invention has the function of transmission secret information when realizing the voice-over-net phone; Because each network equipment (for example network interface card) all has a globally unique MAC Address number, be used to do authenticating user identification to guarantee being that authorized user carries out secret information communicating really on legal computer so this information combined with the user name of user's login system.The present invention is to be furnished with network interface card, microphone and loud speaker and standard configuration computer that can internet login to hardware requirement; Have and realize that expense is cheap easily, compatible good, the advantage that reliability is high has stronger practical value.
Description of drawings
The present invention is further described below in conjunction with accompanying drawing:
Fig. 1 is a secret information communicating structured flowchart of the present invention;
Fig. 2 is an IP packet head pie graph of the present invention;
Fig. 3 is the flow chart of one action of the present invention;
Fig. 4 is system works flow process figure of the present invention.
Embodiment
As shown in drawings, the secret information communicating method that the present invention proposes based on the Internet, after communicating pair is imported the other side's IP address and is connected, user both sides are carried out authentication, after entering the state of voice communication, promptly can begin the secret information communicating process, as shown in Figure 1, at first read the carrier voice audio signals from microphone or from the audio file of prerecording, simultaneously secret information is carried out direct-sequence spread-spectrum modulation through direct-sequence spread-spectrum modulation module 1 and handle formation secret information data bit flow, carry out the secret information hidden algorithms through sheltering Shaping Module 2 again, finish its frequency domain is sheltered shaping thereby according to the carrier voice audio data of input the secret information data bit flow is calculated masking threshold according to the masking effect of human auditory's model.The secret information data bit flow that to shelter at last after the shaping is added on the carrier voice audio data, has just finished process that secret information hides and the voice audio data that obtained to embed secret information.Afterwards, the voice audio data that has embedded secret information is encrypted, the packing back sends to the other side with the form of IP datagram, after the other side receives this voice audio data bag, it is decrypted, extraction module 3 is carried out information extraction algorithm after testing again, and the secret information data extract is come out, and simultaneously the voice audio data that receives is sent to sound card and plays back or write in the speech audio file or directly deletion; So just finished the process of secret information communicating.
In order to prevent the illegal use of unauthorized person to native system, the method that the present invention has taked in the actual engineering asymmetric key algorithm commonly used and symmetric key algorithm to combine realizes authentication, thereby realizes via the encryption key distribution of overt channel and set up the purpose of secret communication channel fast and effectively.For clearer description the method, below this programme is divided into authentication, cipher key change and secret information communicating and also is illustrated respectively.
1, the description of expression symbol
1) authentication denotational description: the PKI that adopts in the scheme (abbreviation of Public Key Infrastructure, public key architecture) identity authorization system, asymmetric cryptosystem and symmetric cryptosystem are respectively: (M, C, Key Cert_Private, Key Cert_Public, Enc Cert_Public, Dec Cert_Public), (M, C, Key Private, Key Public, Enc Public, Dec Public) and (M, C, Key Data, Enc DataDec Data); A and B represent legal secret communication promoter and recipient user respectively; TA and TB represent the computer equipment of A and B respectively; MAC AAnd MAC BThe Mac information of representing the network interface card of TA and TB respectively; ID AAnd ID BThe identity information of representing A and B respectively, the user name when being exactly login system here; Key A_Public, Key B_PublicAnd Key Cert_PublicThe PKI of representing user A, B and the CA of certification authority respectively; Key A_Private, Key B_PrivateAnd Key Cert_PrivateThe private key of representing user A, B and the CA of certification authority respectively; Cert AAnd Cert BRepresent that respectively the CA of certification authority is presented to the digital certificate of user A and B, wherein:
Cert A = ID A + Enc Cert _ Public ( Key Cert _ Private , ID A ) + Enc Cert _ Public ( Key Cert _ Private , Ke y A _ Public ) Cert B = ID B + Enc Cert _ Public ( Key Cert _ Private , ID B ) + Enc Cert _ Public ( Key Cert _ Private , Key B _ Public )
Rand AAnd Rand BRepresent the interim checking random number that generates of user A and B respectively; Key DataThe expression symmetric key; Data represents data message.
2) cipher key change denotational description: KeyM CommuteAnd KeyM DestroySymmetric key transmission, reception and the symmetric key of the each communication of expression are destroyed operation respectively.
3) secret information communicating denotational description: it is (M, C, Enc that the secret information that scheme adopts is hidden system representation H, Dec H); M[n] expression carrier voice audio signals; D[n] the expression pseudo random sequence; G[n] expression secret information data; s mThe secret information data bit flow of [n] expression after direct-sequence spread-spectrum modulation; s m[j ω] expression is to s m[n] is the result who obtains behind the short time discrete Fourier transform; s w[j ω] expression is to s m[j ω] uses the result after the shaping of auditory masking model; s w[n] expression is to s w[j ω] is the result that inverse Fourier transform obtains; M[n]+s wCarrier voice audio signals after [n] expression embeds; G ' [n] expression receiving terminal Detection and Extraction and the secret information data of rebuilding.
2, the description of data packet format
Scheme has used the packet of different-format to carry out authentication and secret information communicating, as general data bag, command packet and verification msg bag.Primitive via the internet transmission data is the IP packet, it is made up of packet head and data two parts, and the packet head is made up of the optional part of the regular length of 20 bytes part and variable-length, and the optional part of this variable-length is used for the data packet format of definition scheme.As shown in Figure 2, the IP packet head of modification defines the attribute of bag with 4 bytes that are right after destination address, all is ' 0 ' to represent that this is an IP packet that comprises the general data bag; All be ' 1 ' to represent that this is an IP packet that comprises command packet, 4 bytes are IP packets that comprises the verification msg bag for ' VERI ' then identifies this.
System carries out once complete secret information communicating flow process as shown in Figure 3, is made up of several sections such as authentication, cipher key change and secret information communicatings.
1) authentication:
In order to guarantee secret information to be sent to legal users and prevent that unauthorized user from using native system, the identification authentication mode of scheme employing and password password and digital certificate combination is in this authentication system that has adopted unsymmetrical key and symmetric key algorithm to combine accordingly.
Step 1, user A opens the secret information communicating program that operates on the TA, input username and password password, if the username and password password correctly TA send to TB and comprise MAC AAnd Cert A=Enc Cert_Public(Key Cert_Private, ID A)+Enc Cert_Public(Key Cert_Private, Key A_Public) the verification msg bag, initiate communication and also await a response;
Step 2, TB verifies Cert ALegitimacy, ID A'=Dec Cert_Public(Key Cert_Public, Enc Cert_Public(Key Cert_Private, ID A)), if ID A'=ID A, Cert then ABe legal; Then for the correctness of the PKI that guarantees user A, again by Cert AIn calculate Key A_Public: Key A_Public'=Dec Cert_Public(Key Cert_Public, Enc Cert_Public(Key Cert_Private, Key A_Public)), if Key A_Public'=Key A_Public, then TB requires user B input password password;
Step 3, if the password password of user B input is correct, then TB generates a checking random number R and A, and the PKI Key of use A A_PublicTo its encryption, Rand B'=Enc Public(Key A_Public, Rand B), then with Rand B', MAC BAnd Cert BSend to TA by the verification msg bag together, make response;
Step 4, TA checking CertB legitimacy: ID B'=Dec Cert_Public(Key Cert_Public, Enc Cert_Pubilic(Key Cert_Private, ID B), if ID B'=ID BCert then BBe legal, then for the correctness of the PKI that guarantees user B, again by Cert BIn calculate Key B_Public: Key B_Public'=Dec Cert_Public(Key Cert_Public, Enc Cert_Public(Key Cert_Private, Key B_Public)), if Key A_Public'=Key A_Public, then explanation is extracted successfully, extracts the checking random number R and of TB again B", Rand B"=Dec Public(Key A_Private, Rand B'), a checking of regeneration random number R and ABe used to verify the legitimacy of TB, and use the PKI Key of user B B_PublicTo Rand AAnd Rand B" encrypt Rand A'=Enc Public(Key B_Pbulic, Rand A), Rand BThe Enc of " '= Public(Key B_Pbulic, Rand B") is at last with Rand B" ' and Rand A' send to TB by the verification msg bag together;
Step 5, TB extracts checking random number R and B 4=Dec Public(Key B_Private, Rand B" '), has only Key A_Public, Key A_Private, Key B_PublicAnd Key B_PrivateWhen all legal, Rand B 4=Rand B, TB finishes the legitimate verification to TA; TB extracts the checking random number R and of TA A" also the public key encryption with A gets Rand AThe Enc of " '= Public(Key A_Public, Dec Public(Key B_Private, Rand A')), with Rand A" ' send TA to by the verification msg bag, TB enters the key management state;
Step 6, TA extracts checking random number R and A4=Dec Public(Key A_Private, Rand A" '), has only the Key of working as B_Public, Key B_Private, Key A_PublicAnd Key A_PrivateWhen all legal, RandA 4=Rand A, TA finishes the legitimate verification to TB.TA enters the key management state.
2) cipher key change:
Because the encryption and decryption arithmetic speed of public key encryption algorithm is lower, and PKI and private key are to the general long-term replacing of not doing, thereby the assailant can obtain bigger its fail safe of encryption sample exists hidden danger, this programme has taked on the actual engineering DSE arithmetic of a key of a secret information communicating commonly used to come data encryption to transmission, but the key of symmetric cryptographic algorithm still transmits by public-key cryptosystem, the data volume of the encryption sample of Chan Shenging is very little and have suddenly like this, can alleviate the defective to transmission The data public key encryption algorithm to a certain extent.Come carrying out cipher key change and secret information communicating for the mode that adopts DSE arithmetic and asymmetric cryptosystem combination, system has the function of cipher key change (comprising that key transmission, key receive), cipher key destruction and key change, specifically describes as follows:
Key sends, and communication initiator TA (or TB) produces the key K ey of the symmetric cryptographic algorithm that is used for the encrypted transmission data DataAnd use the PKI of TB (or TA) that it is encrypted:
Key Data'=Enc Public(Key B_Public, Key Data) (or Key Data'=Enc Public(Key A_Public, Key Data)) with Key Data' send TB (or TA) to by the verification msg bag;
Key receives, the Key of TB (or TA) to receiving Data' deciphering, Key Data=Dec Public(Key B_Private, Key Data') and send " SUCC " information to TA (or TB) by command packet, and enter the secret information communicating state; TA (or TB) also enters the secret information communicating state after receiving " SUCC " information;
Cipher key destruction, after TB and TA finished secret information communicating process, both sides sent " DEST " information mutually by command packet, carry out the cipher key destruction operation;
The key change, TA and TB connect and the authentication success after, after the same symmetric key of use has carried out the secret information communicating of one or many, communicating pair can also make that by the change to symmetric key secret communication is safer, specific practice is: TA (or TB) sends " CHAC " information by the utility command packet to TB (or TA), and comprises newly-generated symmetric key Key2 in the content of IP packet Data, and TB (or TA) has changed the key success by command packet response " SUCC " information representation after receiving this information, both sides carry out and enter the secret information communicating state after original cipher key is destroyed operation.
3) secret information communicating:
After authentication and the cipher key change, system enters the secret information communicating stage; As shown in Figure 1, in this process, TA is with secret information data g[n] through pseudo random sequence be d[n] direct-sequence spread-spectrum modulation after obtain secret information data bit flow s m[n] does short time discrete Fourier transform to it again and obtains frequency domain representation s m[j ω], afterwards by from microphone or directly read carrier voice audio signals m[n from file], use the auditory masking model according to m[n] spectral characteristic to s m[j ω] does and obtains s after frequency domain is sheltered shaping w[j ω] does inverse Fourier transform to it and obtains s w[n] then adds m[n with it] obtain embedding the carrier voice audio signals m[n behind the secret information]+s w[n] uses symmetric key Key to it afterwards DataEncrypt and be packaged into the IP datagram that comprises the general data bag after send to TB by the Internet, TB is through unpacking and use Key to the IP datagram that receives DataObtain embedding the carrier voice audio signals m[n of secret information after the deciphering]+s w[n], through secret information Detection and Extraction module, the method for using matched filter and carrying out the threshold value judgement is rebuild and is obtained secret information data g ' [n], so far finishes the secret information communicating process one time; TB also can make to use the same method and finish secret information communicating to TA transmission secret information data.
4) secret communication finishes: TA and TB are after finishing the secret information communicating of one or many, TA (or TB) sends " TERM " information to TB (or TA) by command packet, TB (or TA) responds " TERM " information after receiving this information, both sides carry out the cipher key destruction operation afterwards, enter circular wait user operation, initiate new cipher key management procedures and secret information communicating or log off.
System works flow process of the present invention as shown in Figure 4, concrete performing step is described below:
Step 1, party A-subscriber and B move the secret information communicating program on computer TA and TB, and user name and the user cipher imported separately respectively according to prompting enter the secret information communicating program;
Step 2, party A-subscriber and party B-subscriber import IP address each other separately, connect by ICP/IP protocol;
Step 3, MAC information and the back IP packet that comprises the verification msg bag that uses of digital certificate encryption that one side (supposing TA) of initiation secret information communicating will be contained this machine network interface card send to TB, after TB receives this verification msg bag, extract the PKI of user A after digital certificate wherein verified; To use the IP packet that comprises the verification msg bag to send to TA with MAC Address and the digital certificate of the interim checking random number behind the rsa encryption, TB then;
Step 4, TA to the checking of the digital certificate of user B after, the interim checking random number that deciphering TB sends also generates own interim checking random number, with they with rsa encryption after the use IP datagram that comprises the verification msg bag send to TB; TB verifies these two interim checking random numbers, and encrypts the interim checking random number of TA and send to TA, and shows the authentication successful information;
Step 5, TA checking TB beams back next interim checking random number, and shows the authentication successful information; The symmetric key that the regeneration secret information communicating is used is encrypted the back with RSA Algorithm to it and is used the IP packet that comprises the verification msg bag to send to TB, and TB receives this symmetric key and deciphering, beams back " SUCC " information to TA, promptly finishes key exchange process; TA utility command packet sends " STAR " order to TB, and TB postbacks " STAR " order, and both sides promptly enter the secret information communicating state;
Step 6, TA from microphone or from the file reading of data prerecorded as the carrier voice audio data, read the secret information data from file simultaneously, earlier it is done and form the secret information data bit flow after according to the carrier voice audio data it being done frequency-domain shaping again after the direct-sequence spread-spectrum modulation, again it is added to the carrier voice audio data that just obtains having embedded secret information in the carrier voice audio data, uses the IDEA algorithm for encryption to send to TB by the IP packet that comprises the general data bag then it; After TB receives secondary data, at first, obtain the secret information data through the Detection and Extraction module again, finish the secret information communicating process one time with the deciphering of IDEA algorithm;
Step 7, after one time the secret information communicating process is finished, both sides still are in connection status, if a side thinks to carry out secret information communicating again, can send " STAR " command packet to the other side, the opposing party also postbacks " STAR " command packet, will use symmetric key at that time to carry out secret information communicating once more;
Step 8, if the communicating pair desire finishes this secret information communicating process, then a direction the opposing party sends " TERM " command packet, the opposing party also postbacks " TERM " command packet, then both sides carry out the cipher key destruction process, enter the key management state, wait for next step operation of user;
Step 9 if the user closes the secret information communicating program, then quits a program, or returns step 5 and proceed secret information communicating.
The secret information communicating that The present invention be directed to based on the Internet designs, because each network equipment (for example network interface card) all has a globally unique MAC Address number, be used to do authenticating user identification to guarantee being that authorized user carries out secret information communicating really on legal computer so this information combined with the user name of user's login system.Pass through modification utilization in addition, defined and be applicable to general data bag of the present invention, command packet and verification msg packet format, and defined corresponding order the retaining space of IP packet head.Owing to be,, proposed simultaneously to use and Information hiding algorithm arrangement of the present invention so the present invention does not do any compression to the carrier voice audio data at the higher internet transmission voice audio data of speed.For authentication, the method that the present invention has adopted symmetric key algorithm commonly used in the actual engineering to combine with asymmetric key algorithm, adopted symmetric cryptographic algorithm to accelerate arithmetic speed for the encryption and decryption that embeds back carrier voice audio data, and in order to guarantee not produce a large amount of ciphertext samples, adopted the method that the user can irregular change symmetric key to improve fail safe.Asymmetric cryptographic algorithm and certification authentication algorithm adopt be RSA (with inventor Ron Rivest, AdiShamir and Leonard Adleman name can be used to simultaneously encrypt and a kind of algorithm of digital signature), what symmetric cryptographic algorithm adopted is IDEA (abbreviation of InternationalData Encryption Algorithm is a recommended standard algorithm of nineteen ninety being learned good X.J.Lai and Massey proposition by technical college of Swiss Confederation).

Claims (10)

1. secret information communicating method based on the Internet is characterized in that: in communicating pair input the other side's IP address and after connecting, user both sides are carried out authentication, authentication by after enter voice communication and begin the secret information communicating process; At first carry out cipher key change, secret information is embedded in the carrier voice audio data then; Afterwards, voice audio data encryption, the packing back that has embedded secret information sent to the other side with the form of IP packet; The other side is decrypted it after receiving this voice audio data bag, carries out information extraction algorithm again, and the secret information data extract is come out; Simultaneously the voice audio data that receives being sent to sound card plays back or writes in the speech audio file or directly deletion.
2. the secret information communicating method based on the Internet according to claim 1 is characterized in that: the method that adopts asymmetric key algorithm and symmetric key algorithm to combine realizes authentication.
3. the secret information communicating method based on the Internet according to claim 1 is characterized in that: the method that described secret information embeds the carrier voice audio data is at first to read the carrier voice audio signals from microphone or from the audio file of prerecording; Simultaneously secret information is carried out direct-sequence spread-spectrum modulation and handle formation secret information data bit flow; Carry out the secret information hidden algorithm again, finish its frequency domain is sheltered shaping thereby according to the carrier voice audio data of input the secret information data bit flow is calculated masking threshold according to the masking effect of human auditory's model; The secret information data bit flow that to shelter at last after the shaping is added on the carrier voice audio data.
4. the secret information communicating method based on the Internet according to claim 2 is characterized in that: the method that described secret information embeds the carrier voice audio data is at first to read the carrier voice audio signals from microphone or from the audio file of prerecording; Simultaneously secret information is carried out direct-sequence spread-spectrum modulation and handle formation secret information data bit flow; Carry out the secret information hidden algorithm again, finish its frequency domain is sheltered shaping thereby according to the carrier voice audio data of input the secret information data bit flow is calculated masking threshold according to the masking effect of human auditory's model; The secret information data bit flow that to shelter at last after the shaping is added on the carrier voice audio data.
5. the secret information communicating method based on the Internet according to claim 2 is characterized in that: described authentication is to carry out as follows:
Step 1, user A opens the secret information communicating program that operates on the TA, input username and password password, if the username and password password correctly TA send to TB and comprise MAC AAnd Cert A=Enc Cert_Public(Key Cert_Private, ID A)+Enc Cert_Public(Key Cert_Private, Key A_Public) the verification msg bag, initiate communication and also await a response;
Step 2, TB verifies Cert ALegitimacy, ID ' A=Dec Cert_Public(Key Cert_Public, Enc Cert_Public(Key Cert_Private, ID A)), if ID ' A=ID A, Cert then ABe legal; Then for the correctness of the PKI that guarantees user A, again by Cert AIn calculate Key A_Public: Key ' A_PublicDec Cert_Public(Key Cert-pubttc, Enc Cert_Public(Key Cert_Private, Key A_Public)), if Key ' A_Public=Key A_Public, then TB requires user B input password password;
Step 3, if the password password of user B input is correct, then TB generates a checking random number R and A, and the PKI Key of use A A_PublicTo its encryption, Rand ' B=Enc Public(Key A_Public, Rand B), then with Rand ' B, MAC BAnd Cert BSend to TA by the verification msg bag together, make response;
Step 4, TA verifies Cert BLegitimacy: ID ' B=Dec Cert_Public(Key Cert_Public, Enc Cert_Pubilic(Key Cert_Private, ID B), if ID ' B=ID BCert then BBe legal, then for the correctness of the PKI that guarantees user B, again by Cert BIn calculate Key B_Public: Key ' B_Public=Dec Cert_Public(Key Cert_Public, Enc Cert_Public(Key Cert_Private, Key B_Public)), if Key ' A_Public=Key A_Public, then explanation is extracted successfully, extracts the checking random number R and of TB again " B, Rand " B=Dec Public(Key A_Private, Rand ' B), a checking of regeneration random number R and ABe used to verify the legitimacy of TB, and use the PKI Key of user B B_PublicTo Rand AAnd Rand " BEncrypt Rand ' A=Enc Public(Key B_Pbulic, Rand A), Rand ' " B=Enc Public(Key B_Pbulic, Rand " B), at last with Rand ' " BAnd Rand ' ASend to TB by the verification msg bag together;
Step 5, TB extracts checking random number R and B 4=Dec Public(Key B_Private, Rand ' " B), have only Key A_Public, Key A_Private, Key B_PublicAnd Key B_PrivateWhen all legal, Rand B 4=Rand B, TB finishes the legitimate verification to TA; TB extracts the checking random number R and of TB " AAnd get Rand ' " with the public key encryption of A A=Enc Public(Key A_Public, Dec Public(Key B_Private, Rand ' A)), with Rand ' " ASend TA to by the verification msg bag, TB enters the key management state;
Step 6, TA extracts checking random number R and A 4=Dec Public(Key A_Private, Rand ' " A), have only the Key of working as B_Public, Key B_ Private, Key A_PublicAnd Key A_PrivateWhen all legal, Rand A 4=Rand A, TA finishes the legitimate verification to TB.TA enters the key management state.
6. the secret information communicating method based on the Internet according to claim 1 is characterized in that: described cipher key exchange step is:
Key sends, and communication initiator TA (or TB) produces the key K ey of the symmetric cryptographic algorithm that is used for the encrypted transmission data DataAnd use the PKI of TB (or TA) that it is encrypted:
Key ' Data=Enc Public(Key B_Public, Key Data) (or Key ' Data=Enc Public(Key A_Public, Key Data)) with Key ' DataSend TB (or TA) to by the verification msg bag;
Key receives, the Key ' of TB (or TA) to receiving DataDeciphering, Key Data=Dec Public(Key B_Private, Key ' Data) and send " SUCC " information to TA (or TB) by command packet, and enter the secret information communicating state; TA (or TB) also enters the secret information communicating state after receiving " SUCC " information.
7. the secret information communicating method based on the Internet according to claim 3 is characterized in that: after authentication and the cipher key change, system enters the secret information communicating stage; In this process, TA is with secret information data g[n] through pseudo random sequence be d[n] direct-sequence spread-spectrum modulation after obtain secret information data bit flow s m[n] does short time discrete Fourier transform to it again and obtains frequency domain representation s m[j ω], afterwards by from microphone or directly read carrier voice audio signals m[n from file], use the auditory masking model according to m[n] spectral characteristic to s m[j ω] does and obtains s after frequency domain is sheltered shaping w[j ω] does inverse Fourier transform to it and obtains s w[n] then adds m[n with it] obtain embedding the carrier voice audio signals m[n behind the secret information]+s w[n] uses symmetric key Key to it afterwards DataEncrypt and be packaged into the IP datagram that comprises the general data bag after send to TB by the Internet, TB is through unpacking and use Key to the IP datagram that receives DataObtain embedding the carrier voice audio signals m[n of secret information after the deciphering]+s w[n], through secret information Detection and Extraction module, the method for using matched filter and carrying out the threshold value judgement is rebuild and is obtained secret information data g ' [n], so far finishes the secret information communicating process one time; TB also can make to use the same method and finish secret information communicating to TA transmission secret information data.
8. the secret information communicating method based on the Internet according to claim 4 is characterized in that: after authentication and the cipher key change, system enters the secret information communicating stage; In this process, TA is with secret information data g[n] through pseudo random sequence be d[n] direct-sequence spread-spectrum modulation after obtain secret information data bit flow s m[n] does short time discrete Fourier transform to it again and obtains frequency domain representation s m[j ω], afterwards by from microphone or directly read carrier voice audio signals m[n from file], use the auditory masking model according to m[n] spectral characteristic to s m[j ω] does and obtains s after frequency domain is sheltered shaping w[j ω] does inverse Fourier transform to it and obtains s w[n] then adds m[n with it] obtain embedding the carrier voice audio signals m[n behind the secret information]+s w[n] uses symmetric key Key to it afterwards DataEncrypt and be packaged into the IP datagram that comprises the general data bag after send to TB by the Internet, TB is through unpacking and use Key to the IP datagram that receives DataObtain embedding the carrier voice audio signals m[n of secret information after the deciphering]+s w[n], through secret information Detection and Extraction module, the method for using matched filter and carrying out the threshold value judgement is rebuild and is obtained secret information data g ' [n], so far finishes the secret information communicating process one time; TB also can make to use the same method and finish secret information communicating to TA transmission secret information data.
9. according to each described secret information communicating method based on the Internet of claim 1 to 8, it is characterized in that: the secret information communicating concrete steps are as follows:
Step 1, party A-subscriber and B move the secret information communicating program on computer TA and TB, and user name and the user cipher imported separately respectively according to prompting enter the secret information communicating program;
Step 2, party A-subscriber and party B-subscriber import IP address each other separately, connect by ICP/IP protocol;
Step 3, MAC information and the back IP packet that comprises the verification msg bag that uses of digital certificate encryption that one side (supposing TA) of initiation secret information communicating will be contained this machine network interface card send to TB, after TB receives this verification msg bag, extract the PKI of user A after digital certificate wherein verified; To use the IP packet that comprises the verification msg bag to send to TA with MAC Address and the digital certificate of the interim checking random number behind the rsa encryption, TB then;
Step 4, TA to the checking of the digital certificate of user B after, the interim checking random number that deciphering TB sends also generates own interim checking random number, with they with rsa encryption after the use IP datagram that comprises the verification msg bag send to TB; TB verifies these two interim checking random numbers, and encrypts the interim checking random number of TA and send to TA, and shows the authentication successful information;
Step 5, TA checking TB beams back next interim checking random number, and shows the authentication successful information; The symmetric key that the regeneration secret information communicating is used is encrypted the back with RSA Algorithm to it and is used the IP packet that comprises the verification msg bag to send to TB, and TB receives this symmetric key and deciphering, beams back " SUCC " information to TA, promptly finishes key exchange process; TA utility command packet sends " STAR " order to TB, and TB postbacks " STAR " order, and both sides promptly enter the secret information communicating state;
Step 6, TA from microphone or from the file reading of data prerecorded as the carrier voice audio data, read the secret information data from file simultaneously, earlier it is done and form the secret information data bit flow after according to the carrier voice audio data it being done frequency-domain shaping again after the direct-sequence spread-spectrum modulation, again it is added to the carrier voice audio data that just obtains having embedded secret information in the carrier voice audio data, uses the IDEA algorithm for encryption to send to TB by the IP packet that comprises the general data bag then it; After TB receives secondary data, at first, obtain the secret information data through the Detection and Extraction module again, finish the secret information communicating process one time with the deciphering of IDEA algorithm;
Step 7, after one time the secret information communicating process is finished, both sides still are in connection status, if a side thinks to carry out secret information communicating again, can send " STAR " command packet to the other side, the opposing party also postbacks " STAR " command packet, will use symmetric key at that time to carry out secret information communicating once more;
Step 8, if the communicating pair desire finishes this secret information communicating process, then a direction the opposing party sends " TERM " command packet, the opposing party also postbacks " TERM " command packet, then both sides carry out the cipher key destruction process, enter the key management state, wait for next step operation of user;
Step 9 if the user closes the secret information communicating program, then quits a program, or returns step 5 and proceed secret information communicating.
10. according to each described secret information communicating method of claim 9 based on the Internet, it is characterized in that: IP packet head defines the attribute of bag with 4 bytes that are right after destination address, all is ' 0 ' to represent that this is an IP packet that comprises the general data bag; All be ' 1 ' to represent that this is an IP packet that comprises command packet; 4 bytes for ' then to identify this be an IP packet that comprises the verification msg bag to VERI '.
CN200810220243A 2008-12-24 2008-12-24 Internet-based secret information communicating method Pending CN101764690A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810220243A CN101764690A (en) 2008-12-24 2008-12-24 Internet-based secret information communicating method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810220243A CN101764690A (en) 2008-12-24 2008-12-24 Internet-based secret information communicating method

Publications (1)

Publication Number Publication Date
CN101764690A true CN101764690A (en) 2010-06-30

Family

ID=42495687

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810220243A Pending CN101764690A (en) 2008-12-24 2008-12-24 Internet-based secret information communicating method

Country Status (1)

Country Link
CN (1) CN101764690A (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102355359A (en) * 2011-07-15 2012-02-15 华南理工大学 Method for hiding secret information in modulation constellation
CN106254345A (en) * 2016-08-04 2016-12-21 安徽大学 A kind of mobile terminal sound communication integrity certification devices and methods therefor
CN106331379A (en) * 2016-10-27 2017-01-11 北京奇虎科技有限公司 Communication security method and device and portable mobile terminal
CN109309565A (en) * 2017-07-28 2019-02-05 中国移动通信有限公司研究院 A kind of method and device of safety certification
CN110445777A (en) * 2019-07-31 2019-11-12 华中科技大学 A kind of hidden speech signal transmission method and relevant device and storage medium
CN111615106A (en) * 2019-02-25 2020-09-01 阿里巴巴集团控股有限公司 Voice data packet encryption method and device
CN111654731A (en) * 2020-07-07 2020-09-11 成都卫士通信息产业股份有限公司 Key information transmission method and device, electronic equipment and computer storage medium
CN111683093A (en) * 2020-06-09 2020-09-18 湖南大学 Dynamic covert communication method based on IPv6 network
CN114553557A (en) * 2022-02-24 2022-05-27 广东电网有限责任公司 Key calling method, key calling device, computer equipment and storage medium

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102355359A (en) * 2011-07-15 2012-02-15 华南理工大学 Method for hiding secret information in modulation constellation
CN106254345A (en) * 2016-08-04 2016-12-21 安徽大学 A kind of mobile terminal sound communication integrity certification devices and methods therefor
CN106254345B (en) * 2016-08-04 2019-06-04 安徽大学 A kind of mobile terminal sound communication integrity authentication device and its method
CN106331379B (en) * 2016-10-27 2019-12-13 北京安云世纪科技有限公司 secret communication method and device and portable mobile terminal
CN106331379A (en) * 2016-10-27 2017-01-11 北京奇虎科技有限公司 Communication security method and device and portable mobile terminal
CN109309565A (en) * 2017-07-28 2019-02-05 中国移动通信有限公司研究院 A kind of method and device of safety certification
US11799656B2 (en) 2017-07-28 2023-10-24 China Mobile Communication Co., Ltd Research Institute Security authentication method and device
CN111615106A (en) * 2019-02-25 2020-09-01 阿里巴巴集团控股有限公司 Voice data packet encryption method and device
CN111615106B (en) * 2019-02-25 2023-09-26 阿里巴巴集团控股有限公司 Encryption method and device for voice data packet
CN110445777A (en) * 2019-07-31 2019-11-12 华中科技大学 A kind of hidden speech signal transmission method and relevant device and storage medium
CN111683093A (en) * 2020-06-09 2020-09-18 湖南大学 Dynamic covert communication method based on IPv6 network
CN111654731A (en) * 2020-07-07 2020-09-11 成都卫士通信息产业股份有限公司 Key information transmission method and device, electronic equipment and computer storage medium
CN114553557A (en) * 2022-02-24 2022-05-27 广东电网有限责任公司 Key calling method, key calling device, computer equipment and storage medium
CN114553557B (en) * 2022-02-24 2024-04-30 广东电网有限责任公司 Key calling method, device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
CN101764690A (en) Internet-based secret information communicating method
CN103763356B (en) A kind of SSL establishment of connection method, apparatus and system
Krawczyk et al. On the security of the TLS protocol: A systematic analysis
Chandra Bulletproof Wireless Security: GSM, UMTS, 802.11, and Ad Hoc Security
US20200021566A1 (en) Dynamic encryption method
Berson Skype security evaluation
CN102572817B (en) Method and intelligent memory card for realizing mobile communication confidentiality
CN101335615B (en) Method used in key consultation of USB KEY audio ciphering and deciphering device
JP5306678B2 (en) Fast authentication over slow channel
Brzuska et al. An analysis of the EMV channel establishment protocol
Kohlar et al. On the security of TLS-DH and TLS-RSA in the standard model
CN107612934A (en) A kind of block chain mobile terminal computing system and method based on Secret splitting
CN103974241A (en) Voice end-to-end encryption method aiming at mobile terminal with Android system
CN110020524B (en) Bidirectional authentication method based on smart card
CN104901935A (en) Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem)
EP1913728A1 (en) Total exchange session security
US6910129B1 (en) Remote authentication based on exchanging signals representing biometrics information
CN102883325B (en) Authentication server, mobile terminal and end to end authentication communication channel method for building up
CN107094156A (en) A kind of safety communicating method and system based on P2P patterns
US8023654B2 (en) Securing multimedia network communication
WO2016082401A1 (en) Conversation method and apparatus, user terminal and computer storage medium
Bhargavan et al. Handshake privacy for TLS 1.3-technical report
Krasnowski et al. Introducing a Verified Authenticated Key Exchange Protocol over Voice Channels for Secure Voice Communication.
CN114650173A (en) Encryption communication method and system
Merit et al. Securing speech in GSM networks using DES with Random Permutation and Inversion Algorithm

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100630